[原文]Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.

-
漏洞描述

Gibraltar Firewall contains a flaw that may fail to detect some viruses. The issue is triggered when the clamav virus scanning plugin for squid has been updated to version 0.81, which removed the method formerly used to scan internal memory buffers for viruses. This causes clamav and Gibraltar to report that no virus has been found even if if the squid memory buffers contained a virus. It is possible that the flaw may allow viruses to pass through the firewall undetected resulting in a loss of integrity and/or availability.

-
时间线

公开日期:
2005-05-01

发现日期:
Unknow

利用日期:Unknow

解决日期:Unknow

-
解决方案

Upgrade to version 2.2a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

-
受影响的程序版本

Gibraltar Gibraltar Firewall 2.2
Gibraltar Gibraltar Firewall 2.2 a

-
不受影响的程序版本

Gibraltar Gibraltar Firewall 2.2 a

-
漏洞讨论

Gibraltar is susceptible to an antivirus scan evasion vulnerability. This issue presents itself because of an oversight in the design of the firewall product, due to a change of features of the ClamAV antivirus scanning engine.

This vulnerability allows malicious content to pass undetected by an affected firewall acting as an HTTP proxy, leading to a false sense of security.

-
漏洞利用

An exploit is not required.

-
解决方案

The vendor has released version 2.2a of the affected firewall package. Users of affected packages are urged to contact the vendor for information on obtaining fixes.